Crypto

Faces US Extradition for $190M Crypto Theft

2 days ago
Bitcoin Ethereum News

TLDR

  • Israeli-Russian citizen Alexander Gurevich arrested for alleged role in $190M Nomad bridge hack
  • Gurevich allegedly exploited vulnerability, stealing $2.89M before copycats took the rest
  • Attempted to flee to Russia using altered identity documents
  • Faces US extradition on money laundering and computer-related charges
  • Previously contacted Nomad team via Telegram, requesting $500,000 bounty

Israeli police arrested Alexander Gurevich last week at Ben Gurion Airport in Tel Aviv. He was allegedly attempting to flee to Russia using a passport with a different name.

Gurevich, a dual Russian-Israeli citizen, is accused of playing a key role in the 2022 Nomad bridge hack that resulted in $190 million in stolen cryptocurrency. This hack led to the collapse of the crypto bridge protocol.

US prosecutors claim Gurevich was the first to exploit a weakness in Nomad’s smart contracts. They specifically accuse him of siphoning $2.89 million in cryptocurrency during the August 2022 attack.

Israeli authorities are now arranging for his extradition to the United States. There, he will face money laundering and computer-related charges that could carry up to 20 years in prison.

Identity Change Attempt

According to reports, Gurevich returned to Israel from an overseas trip on April 19. Shortly after, he was ordered to appear before the Jerusalem District Court for an extradition hearing.

On April 29, Gurevich changed his name in Israel’s Population Registry to “Alexander Block.” He received a passport under this new name at Ben-Gurion Airport the next day.

His attempt to flee was thwarted when authorities arrested him on May 1 while he waited to board a flight to Russia. The US had submitted a formal extradition request in December 2024.

The Nomad Bridge Hack

The Nomad bridge hack of August 2022 was unusual in how it unfolded. While Gurevich allegedly initiated the exploit, the majority of the $190 million loss came from copycat attackers.

Once Gurevich’s exploit was detected, others quickly replicated it. Blockchain researcher Samczsun explained: “This is why the hack was so chaotic — you didn’t need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person’s address with yours, and then re-broadcast it.”

Coinbase data revealed 88 unique wallet addresses identified as copycats. These addresses were responsible for removing $88 million from the bridge.

Not all participants were malicious actors. Some were “whitehats” — ethical hackers who later returned funds they had withdrawn during the attack.

Communication with Nomad

Following the hack, Gurevich allegedly contacted Nomad’s chief technology officer, James Prestwich, via Telegram. Using a fake identity, he admitted to “amateurishly” seeking a crypto protocol to exploit.

During these communications, he apologized for “the trouble he caused Prestwich and his team.” He also voluntarily transferred about $162,000 into a recovery wallet the company had set up.

Prestwich reportedly offered Gurevich 10% of the value of the assets he had stolen as a reward. Gurevich responded that he would consult his lawyer but never contacted Nomad again.

At some point during negotiations, Gurevich demanded a $500,000 bounty for identifying the vulnerability. This type of arrangement isn’t uncommon in the crypto world, where exploiters sometimes negotiate to keep a percentage of stolen funds in exchange for returning the rest.

US federal authorities filed an eight-count indictment against Gurevich in the Northern District of California on August 16, 2023. They also obtained a warrant for his arrest at that time.

Source: https://blockonomi.com/nomad-bridge-hacker-arrested-in-israel-faces-us-extradition-for-190m-crypto-theft/